program:
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") (async, rerun: 64)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000002c0)={0x4, 0x2, 0xffff, 0x6, 0x1, 0xfffffffffffffffd, 0x0, 0x36a, 0xde4}) (async, rerun: 64)
lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000b80)=ANY=[], 0xe01, 0x0) (async)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x100) (async)
chdir(&(0x7f00000000c0)='./bus\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f00000000c0)={0x10001, 0x2, 0x3}) (async, rerun: 64)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (rerun: 64)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x80000)
r3 = syz_socket_connect_nvme_tcp() (async)
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0xbb, 0x1, 0x0, 0x0, 0x0, 0xe4b8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x2980, 0x2, 0xe, 0x4, 0x1, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r4, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000b80)={{0x1, 0x1, 0x18, r3}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00'}) (async)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000240)="dbe466fe830c0000000fc79a00000000650f8100000000b8010000000f01d9b95a0a0000b8aef80000ba000000000f300f791500580000660f73fb00260f78f766baf80cb83b675e84ef66bafc0cec", 0x4f}], 0x1, 0x8, &(0x7f0000000140)=[@cstype3={0x5, 0xd}, @cr4={0x1, 0x100402}], 0x2)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

[   75.162571][ T5336] Bluetooth: hci0: command tx timeout
[   75.239028][ T5356] loop0: detected capacity change from 0 to 512
[   75.290102][ T5356] __kmem_cache_create_args(ext4_groupinfo_2k) failed with error -22
[   75.301476][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.301493][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.301500][ T5356] Call Trace:
[   75.301504][ T5356]  <TASK>
[   75.301509][ T5356]  dump_stack_lvl+0x189/0x250
[   75.301692][ T5356]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.301705][ T5356]  ? __pfx__printk+0x10/0x10
[   75.301722][ T5356]  ? __kmem_cache_create_args+0x1d8/0x320
[   75.301763][ T5356]  ? kmem_cache_free+0x18f/0x400
[   75.301778][ T5356]  __kmem_cache_create_args+0x237/0x320
[   75.301793][ T5356]  ext4_mb_init+0x2ff/0x2860
[   75.301812][ T5356]  ? __pfx_ext4_mb_init+0x10/0x10
[   75.301821][ T5356]  ? ext4_fc_replay_cleanup+0x7d/0xc0
[   75.301837][ T5356]  ? rcu_is_watching+0x15/0xb0
[   75.301848][ T5356]  ? ext4_fill_super+0x515f/0x6090
[   75.301862][ T5356]  ? kfree+0x4d/0x440
[   75.301876][ T5356]  ext4_fill_super+0x5253/0x6090
[   75.301903][ T5356]  ? __pfx_ext4_fill_super+0x10/0x10
[   75.301915][ T5356]  ? set_blocksize+0x21e/0x500
[   75.301935][ T5356]  ? sb_set_blocksize+0x104/0x180
[   75.301949][ T5356]  ? setup_bdev_super+0x4c1/0x5b0
[   75.301963][ T5356]  get_tree_bdev_flags+0x40e/0x4d0
[   75.301975][ T5356]  ? __pfx_ext4_fill_super+0x10/0x10
[   75.301988][ T5356]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   75.302007][ T5356]  vfs_get_tree+0x8f/0x2b0
[   75.302028][ T5356]  do_new_mount+0x2a2/0x9e0
[   75.302044][ T5356]  ? ns_capable+0x8a/0xf0
[   75.302054][ T5356]  ? __pfx_do_new_mount+0x10/0x10
[   75.302065][ T5356]  ? path_mount+0x61c/0xfe0
[   75.302076][ T5356]  ? user_path_at+0x44/0x60
[   75.302093][ T5356]  __se_sys_mount+0x317/0x410
[   75.302110][ T5356]  ? __pfx___se_sys_mount+0x10/0x10
[   75.302127][ T5356]  ? do_syscall_64+0xbe/0x3b0
[   75.302198][ T5356]  ? __x64_sys_mount+0x20/0xc0
[   75.302212][ T5356]  do_syscall_64+0xfa/0x3b0
[   75.302222][ T5356]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.302232][ T5356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.302242][ T5356]  ? clear_bhb_loop+0x60/0xb0
[   75.302255][ T5356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.302264][ T5356] RIP: 0033:0x7fb94619066a
[   75.302274][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.302282][ T5356] RSP: 002b:00007fb947032e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.302294][ T5356] RAX: ffffffffffffffda RBX: 00007fb947032ef0 RCX: 00007fb94619066a
[   75.302301][ T5356] RDX: 00002000000004c0 RSI: 0000200000000500 RDI: 00007fb947032eb0
[   75.302308][ T5356] RBP: 00002000000004c0 R08: 00007fb947032ef0 R09: 0000000001000410
[   75.302314][ T5356] R10: 0000000001000410 R11: 0000000000000246 R12: 0000200000000500
[   75.302320][ T5356] R13: 00007fb947032eb0 R14: 00000000000004eb R15: 0000200000000100
[   75.302336][ T5356]  </TASK>
[   75.302341][ T5356] EXT4-fs: no memory for groupinfo slab cache
[   75.428586][ T5356] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN NOPTI
[   75.433636][ T5356] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[   75.437140][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.441015][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.445437][ T5356] RIP: 0010:kasan_byte_accessible+0x12/0x30
[   75.447990][ T5356] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 50 ab 5a 09 cc 66 66 66 66 66 66 2e
[   75.456082][ T5356] RSP: 0018:ffffc9000d407700 EFLAGS: 00010006
[   75.458769][ T5356] RAX: dffffc0000000000 RBX: ffffffff8b7f0bf7 RCX: fb5f3aa9eb11b500
[   75.462107][ T5356] RDX: 0000000000000000 RSI: ffffffff8b7f0bf7 RDI: 0000000000000003
[   75.466463][ T5356] RBP: ffffffff8b7b3d59 R08: 0000000000000001 R09: 0000000000000000
[   75.470921][ T5356] R10: dffffc0000000000 R11: fffffbfff1f87907 R12: 0000000000000000
[   75.475268][ T5356] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001
[   75.479188][ T5356] FS:  00007fb9470336c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   75.482896][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.485799][ T5356] CR2: 00007ffe60e6cb80 CR3: 0000000042631000 CR4: 0000000000352ef0
[   75.489297][ T5356] Call Trace:
[   75.490830][ T5356]  <TASK>
[   75.492185][ T5356]  __kasan_check_byte+0x12/0x40
[   75.494448][ T5356]  lock_acquire+0x8d/0x360
[   75.496428][ T5356]  _raw_spin_lock_irqsave+0xa7/0xf0
[   75.498807][ T5356]  ? xa_destroy+0x59/0x2e0
[   75.500714][ T5356]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   75.503306][ T5356]  ? _printk+0xcf/0x120
[   75.505050][ T5356]  xa_destroy+0x59/0x2e0
[   75.506869][ T5356]  ext4_mb_init+0x136a/0x2860
[   75.509000][ T5356]  ? __pfx_ext4_mb_init+0x10/0x10
[   75.511291][ T5356]  ? ext4_fc_replay_cleanup+0x7d/0xc0
[   75.513657][ T5356]  ? rcu_is_watching+0x15/0xb0
[   75.515835][ T5356]  ? ext4_fill_super+0x515f/0x6090
[   75.518122][ T5356]  ? kfree+0x4d/0x440
[   75.520308][ T5356]  ext4_fill_super+0x5253/0x6090
[   75.522544][ T5356]  ? __pfx_ext4_fill_super+0x10/0x10
[   75.524845][ T5356]  ? set_blocksize+0x21e/0x500
[   75.526996][ T5356]  ? sb_set_blocksize+0x104/0x180
[   75.529383][ T5356]  ? setup_bdev_super+0x4c1/0x5b0
[   75.531593][ T5356]  get_tree_bdev_flags+0x40e/0x4d0
[   75.533863][ T5356]  ? __pfx_ext4_fill_super+0x10/0x10
[   75.536166][ T5356]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   75.538679][ T5356]  vfs_get_tree+0x8f/0x2b0
[   75.540904][ T5356]  do_new_mount+0x2a2/0x9e0
[   75.542726][ T5356]  ? ns_capable+0x8a/0xf0
[   75.544569][ T5356]  ? __pfx_do_new_mount+0x10/0x10
[   75.546751][ T5356]  ? path_mount+0x61c/0xfe0
[   75.548774][ T5356]  ? user_path_at+0x44/0x60
[   75.550733][ T5356]  __se_sys_mount+0x317/0x410
[   75.552874][ T5356]  ? __pfx___se_sys_mount+0x10/0x10
[   75.555120][ T5356]  ? do_syscall_64+0xbe/0x3b0
[   75.557207][ T5356]  ? __x64_sys_mount+0x20/0xc0
[   75.559386][ T5356]  do_syscall_64+0xfa/0x3b0
[   75.561506][ T5356]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.563764][ T5356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.566365][ T5356]  ? clear_bhb_loop+0x60/0xb0
[   75.568499][ T5356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.571159][ T5356] RIP: 0033:0x7fb94619066a
[   75.573213][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.581538][ T5356] RSP: 002b:00007fb947032e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.585380][ T5356] RAX: ffffffffffffffda RBX: 00007fb947032ef0 RCX: 00007fb94619066a
[   75.588687][ T5356] RDX: 00002000000004c0 RSI: 0000200000000500 RDI: 00007fb947032eb0
[   75.592129][ T5356] RBP: 00002000000004c0 R08: 00007fb947032ef0 R09: 0000000001000410
[   75.595585][ T5356] R10: 0000000001000410 R11: 0000000000000246 R12: 0000200000000500
[   75.599090][ T5356] R13: 00007fb947032eb0 R14: 00000000000004eb R15: 0000200000000100
[   75.602505][ T5356]  </TASK>
[   75.603894][ T5356] Modules linked in:
[   75.605647][ T5356] ---[ end trace 0000000000000000 ]---
[   75.608061][ T5356] RIP: 0010:kasan_byte_accessible+0x12/0x30
[   75.610646][ T5356] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 50 ab 5a 09 cc 66 66 66 66 66 66 2e
[   75.618921][ T5356] RSP: 0018:ffffc9000d407700 EFLAGS: 00010006
[   75.621614][ T5356] RAX: dffffc0000000000 RBX: ffffffff8b7f0bf7 RCX: fb5f3aa9eb11b500
[   75.625011][ T5356] RDX: 0000000000000000 RSI: ffffffff8b7f0bf7 RDI: 0000000000000003
[   75.628588][ T5356] RBP: ffffffff8b7b3d59 R08: 0000000000000001 R09: 0000000000000000
[   75.631991][ T5356] R10: dffffc0000000000 R11: fffffbfff1f87907 R12: 0000000000000000
[   75.635331][ T5356] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001
[   75.638879][ T5356] FS:  00007fb9470336c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   75.642805][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.645654][ T5356] CR2: 00007ffe60e6cb80 CR3: 0000000042631000 CR4: 0000000000352ef0
[   75.649225][ T5356] Kernel panic - not syncing: Fatal exception
[   75.652229][ T5356] Kernel Offset: disabled
[   75.654146][ T5356] Rebooting in 86400 seconds..